Debian Bug report logs -
#894648
CVE-2018-9127
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 2 Apr 2018 20:45:04 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in version botan/2.4.0-1
Fixed in version botan/2.4.0-5
Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#894648; Package src:botan.
(Mon, 02 Apr 2018 20:45:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>.
(Mon, 02 Apr 2018 20:45:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: botan
Severity: grave
Tags: security
Please see https://botan.randombit.net/security.html
Cheers,
Moritz
Marked as found in versions botan/2.4.0-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 03 Apr 2018 05:12:02 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream and upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 03 Apr 2018 05:12:03 GMT) (full text, mbox, link).
Reply sent
to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility.
(Tue, 03 Apr 2018 06:09:06 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Tue, 03 Apr 2018 06:09:07 GMT) (full text, mbox, link).
Message #14 received at 894648-close@bugs.debian.org (full text, mbox, reply):
Source: botan
Source-Version: 2.4.0-5
We believe that the bug you reported is fixed in the latest version of
botan, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 894648@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated botan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 03 Apr 2018 05:04:53 +0000
Source: botan
Binary: botan libbotan-2-4 libbotan-2-dev libbotan-2-doc python3-botan
Architecture: source amd64 all
Version: 2.4.0-5
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
botan - multiplatform crypto library (2.x version)
libbotan-2-4 - multiplatform crypto library (2.x version)
libbotan-2-dev - multiplatform crypto library (2.x version)
libbotan-2-doc - multiplatform crypto library (2.x version)
python3-botan - multiplatform crypto library (2.x version), Python3 module
Closes: 894648
Changes:
botan (2.4.0-5) unstable; urgency=high
.
* Backport security fix for invalid wildcard match (closes: #894648).
* Backport fix for validation tests due to test certs had expired.
Checksums-Sha1:
fc28eadde4538387977710dddfbe5b55ad49b827 2047 botan_2.4.0-5.dsc
537bd63b976bb45ddaf12a7af4a930b92251681a 8732 botan_2.4.0-5.debian.tar.xz
afe35511b1e19959e20d4521fedf67b1415572fe 2150156 botan-dbgsym_2.4.0-5_amd64.deb
8003c267eb027f4ba51b6b1acc965052498fc559 9940 botan_2.4.0-5_amd64.buildinfo
898f89eb7191ac19bfa75c2b50d3c51dd0e39e22 156388 botan_2.4.0-5_amd64.deb
fb1a5489dd4d4bdd9a6096c72f191adab96643e6 23083756 libbotan-2-4-dbgsym_2.4.0-5_amd64.deb
4648e65077cb79a885601ca5a7aed68d06dc1504 1423176 libbotan-2-4_2.4.0-5_amd64.deb
0e071b01bd157e1f1890d41315281df2a0879315 2099600 libbotan-2-dev_2.4.0-5_amd64.deb
db4165bb996d577e7760abf7764731216a9d251b 335108 libbotan-2-doc_2.4.0-5_all.deb
3c60fda94dd4ea37857be71205efe2897e39ddd3 10300 python3-botan_2.4.0-5_amd64.deb
Checksums-Sha256:
88438d15c7c163d30468ad2f1ba90123205d6de30233aad2dc2915aae4e627bf 2047 botan_2.4.0-5.dsc
71bcd5e5db22db1519200efbc54a9cb05fae23723e2d2c06e6f63eafcf3c12eb 8732 botan_2.4.0-5.debian.tar.xz
31199b5d1df1034914c79991e31233cbc166e6fec7aec05eb3653633ddb47a40 2150156 botan-dbgsym_2.4.0-5_amd64.deb
66877a8ffccc0f4ce056825ba20ddfa45fbb889aea170f9618fbc69fd50ef7bc 9940 botan_2.4.0-5_amd64.buildinfo
36882eeedee2de11f455660fed7d96f8aa05612928908e995f8e4ac3a612052e 156388 botan_2.4.0-5_amd64.deb
d1d7e4deb2fef96a45f9e9860fc922b9eb2516e5f98f0e3a58bac2501e572521 23083756 libbotan-2-4-dbgsym_2.4.0-5_amd64.deb
5a965bfab17e05690f361363f3b8098c4a13e32efae29930a74e61037ec77a6c 1423176 libbotan-2-4_2.4.0-5_amd64.deb
ebc3e25f1b146578ea0dae08ea9446afd6ba325d9e7328537f78774b3cd24a46 2099600 libbotan-2-dev_2.4.0-5_amd64.deb
0c4b5664173eb492ee606934ae5ec8c9a1cb7fd4fb8eb7a28aa265c5f29d3727 335108 libbotan-2-doc_2.4.0-5_all.deb
aa84ddae29859ce37a68a7edde74eccb23bd68861268e898804e340abdf54a75 10300 python3-botan_2.4.0-5_amd64.deb
Files:
937d96375e6beb2772f304c3ba1c3553 2047 libs optional botan_2.4.0-5.dsc
71c3a50f26215385f4a765fa64b8372b 8732 libs optional botan_2.4.0-5.debian.tar.xz
e871fa0ff93f3c7526f3eb7ba0abe3ab 2150156 debug optional botan-dbgsym_2.4.0-5_amd64.deb
743173e9af44482cb616e9bed1c4bb7c 9940 libs optional botan_2.4.0-5_amd64.buildinfo
5111b4a7f9f2d42beb3137a56680db53 156388 libdevel optional botan_2.4.0-5_amd64.deb
19fcd68b40ab0c67c1663186259a1bac 23083756 debug optional libbotan-2-4-dbgsym_2.4.0-5_amd64.deb
7d92cec8370d2b16ee72e56ffcc761a7 1423176 libs optional libbotan-2-4_2.4.0-5_amd64.deb
321f0a8bdb6a30a5ac67274543103b06 2099600 libdevel optional libbotan-2-dev_2.4.0-5_amd64.deb
b7a02829730f29554cc5b4b90e195d23 335108 doc optional libbotan-2-doc_2.4.0-5_all.deb
acbba568b6efcf46debfe61f604eac40 10300 python optional python3-botan_2.4.0-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlrDFAgACgkQ3OMQ54ZM
yL+eZQ//b9TQuhFxz2KamVCG0fcDBpA79DzJS0bOUbVs4ZN7fy5aUW6Qh7gn28rq
3nKDCkP2unFL6E+CtDMkKNqBAY9V4b353WHsGCYPq2U+5BST0qQ/itLv1hSDCcHF
nPFGGA1CLoWESn62sWp2UCwWnvQlHVVFsgPtsbxNo7qHGC/GeMBt6NIObMSk7sO3
+GSs/xlGerCltADiL1TeQggUWRA8t8AAICOLcko4vAOCjKrQ+U5BiqS+Wz74xM8Y
f8o9SBwaj/v3VgNiQt7Y7Ln5CS1cziouZt0Tkt6h4smzrcjM/urCCP2FtJE6VLki
K7ULRXougDOxxX2G1gWNdBfv7q4rnZEVovYY05XiaUVJMOSZC4tJPbGhWyFzssps
tGtm2PrYVG+ex7dAV79Ey9I+Sby/de58Tu1lRdy82SdyuPeaRxVs6+ZHp8s/zj7q
9hYcbl/bziEK56FLC+mAaU5jMMx1v5qRk7ND3uo8nRSkCInx03DO+Tfp2z0fbkQQ
yfZF2kayHbHO5l0rFnWu9UcCfsaqNfswI43t93NHQfuileCkIlpGZw4j/LZxneHg
6Ioyk9SQUSC2qnC9LI3QmlmTYafN4VQ8JcX3i6yKkBI4gpIPld3F+57z5Rs2BARQ
MBMxp8b/Mdr68rhbAJ/PC6DfN/Hx4i/+FQJwmUU/lSMINhDY6vg=
=Ac9+
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 12 May 2018 07:27:51 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:30:49 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon